W32.Arpiframe

Discussion in 'NOD32 version 2 Forum' started by OzBoz, Jul 26, 2007.

Thread Status:
Not open for further replies.
  1. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    35
    Location:
    Queensland Australia
    W32.Arpiframe found on my system this morning, using another virus checker. My system was severely affected, so it was not a false positive.

    Just thought I'd mention it here, as I can't find any reference to this worm, either here or over at Esset.

    Cheers
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Please compress the file using RAR/ZIP, protect the archive with the password "infected" and submit it to samples[at]eset.com along with this thread's url in the subject.
     
  3. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    35
    Location:
    Queensland Australia
    Unfortunately, I did not keep a quarantined copy when cleaning. My system was in such a mess, even after cleaning, only a System Restore would solve the problem.

    Cheers

    Brian
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    It could have been just a false positive and the problems were actually stemming from something else. Hence we always need to get and analyse any suspicious files you might come across before you delete them.

    I have found one sample that Symantec detects as W32.Arpiframe. It's just a hack tool, not a threat if that's the same file as the one you mean.
     
  5. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    35
    Location:
    Queensland Australia
    Ok, I'll keep that in mind for the future. It was only after checking on Symantec's site that I became aware that it was a worm that attacks HTML and browser. I was certainly experiencing problems in that line, which went away after I removed it, and repaired using a System Restore. It was certainly a nasty, and it was definitely there.

    Cheers

    Brian
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    It's just a command line tool, maybe other malware used to exploit it for malicious purposes.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.